US20090274302A1 - Method for deriving traffic encryption key - Google Patents

Method for deriving traffic encryption key Download PDF

Info

Publication number
US20090274302A1
US20090274302A1 US12/432,841 US43284109A US2009274302A1 US 20090274302 A1 US20090274302 A1 US 20090274302A1 US 43284109 A US43284109 A US 43284109A US 2009274302 A1 US2009274302 A1 US 2009274302A1
Authority
US
United States
Prior art keywords
key
base station
tek
count value
mobile station
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US12/432,841
Other languages
English (en)
Inventor
Lin-Yi Wu
Chi-Chen Lee
I-Kang Fu
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
MediaTek Inc
Original Assignee
MediaTek Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by MediaTek Inc filed Critical MediaTek Inc
Priority to US12/432,841 priority Critical patent/US20090274302A1/en
Priority to JP2011506564A priority patent/JP5225459B2/ja
Priority to PCT/CN2009/071612 priority patent/WO2009132599A1/en
Priority to CN2009800001444A priority patent/CN101682931B/zh
Priority to TW098114361A priority patent/TWI507059B/zh
Priority to EP09737709.7A priority patent/EP2277351A4/en
Assigned to MEDIATEK INC. reassignment MEDIATEK INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: FU, I-KANG, LEE, CHI-CHEN, WU, LIN-YI
Publication of US20090274302A1 publication Critical patent/US20090274302A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • H04L9/0844Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/062Pre-authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W36/00Hand-off or reselection arrangements
    • H04W36/08Reselecting an access point

Definitions

  • the invention relates to a method for deriving a Traffic Encryption Key (TEK), and more particularly to a method for deriving a TEK in a seamless handover procedure.
  • TEK Traffic Encryption Key
  • a base station provides services to terminals in a geographical area.
  • the base station usually broadcasts information in the air interface to aid terminals in identifying necessary system information and service configurations so that essential network entry information can be gained and determination of whether to use services provided by the base station may be provided.
  • WiMAX Worldwide Interoperability for Microwave Access
  • IEEE 802.16-like systems if data encryption is negotiated between base station and terminal, traffic data is allowed to be transmitted after the TEK is generated.
  • the TEK is a secret key used to encrypt and decrypt the traffic data.
  • the base station randomly generates the TEK, encrypts the TEK by the KEK (Key Encryption Key) and distributes the encrypted TEK to the terminal.
  • the KEK is also a secret key shared between the terminal and the base station.
  • the KEK is derived by the terminal and base station individually according to a predetermined algorithm. After receiving the encrypted TEK from the base station, the terminal decrypts the TEK by the KEK.
  • the terminal encrypts the traffic data by the TEK after obtaining the TEK and transmits the encrypted traffic data to the base station.
  • the target base station generates the TEK after receiving a ranging request message from the terminal, and responds with the encrypted TEK to the terminal via a ranging response message.
  • traffic data transmission is inevitably interrupted during the time period after a handover message is sent, and until the TEK is received and decrypted. A long interruption time period seriously degrades the quality of the communication service.
  • a novel TEK generation method and a substantially seamless handover procedure are highly required.
  • a Mobile Station (MS), a Base Station (BS) and a method for deriving a Traffic Encryption Key (TEK) are provided.
  • An embodiment of a MS comprises a radio transceiver module and a processor.
  • the processor performs a handover negotiation procedure with a serving base station so as to handover communication services to a target base station by transmitting and receiving a plurality of handover negotiation messages via the radio transceiver module, and generates an Authorization Key (AK) context and derives at least one Traffic Encryption Key (TEK) for the target base station.
  • the AK context includes a plurality of keys shared with the target base station for protecting the information transmission with the target BS, and the TEK is a secret key shared with the target BS for encrypting traffic data without key distribution.
  • An embodiment of a method for generating at least one TEK shared between a MS and a BS without key distribution in a wireless communication system comprises: obtaining at least one key and information shared between the mobile station and the base station; and generating the TEK according to the information and the key via a predetermined function.
  • An embodiment of a BS in a wireless communication network comprises a network interface module, one or more radio transceiver module and a processor.
  • the processor receives a handover indication message from a network device in the wireless communication network via the network interface module, generates an AK context and derives at least one TEK for a MS after receiving the handover indication message, receives an authentication message from the MS via the radio transceiver module, and verifies consistency of the TEK and a TEK generated by the MS according to the received authentication message.
  • the handover indication message is a message to indicate that the communication service of the MS provided by the network device is to be transferred to the BS.
  • the authentication message is a message for the MS to authenticate its identity.
  • the TEK is a secret key shared with the MS for encrypting traffic data.
  • FIG. 1 shows an exemplary network topology of a wireless communication system according to an embodiment of the invention
  • FIG. 2 shows a schematic view of a base station according to an embodiment of the invention
  • FIG. 3 shows a schematic view of a mobile station according to an embodiment of the invention
  • FIG. 4 shows a schematic diagram illustrating an AK context generation procedure according to an embodiment of the invention
  • FIG. 5 shows a schematic diagram illustrating the initial network entry and handover operation procedures according to an embodiment of the invention
  • FIG. 6 shows a schematic diagram of a communication network for illustrating the TEK generation concept according to an embodiment of the invention
  • FIG. 7 shows the message flows of initial network entry and handover operation procedures according to an embodiment of the invention
  • FIG. 8 shows the message flows of initial network entry and handover operation procedures according to an embodiment of the invention
  • FIG. 9 shows the message flows of initial network entry and handover operation procedures according to an embodiment of the invention.
  • FIG. 10 shows the message flows of initial network entry and handover operation procedures according to an embodiment of the invention
  • FIG. 11 shows the message flows of initial network entry and handover operation procedures according to an embodiment of the invention
  • FIG. 12 shows the message flows of handover operation procedures according to an embodiment of the invention.
  • FIG. 13 shows the message flows of handover operation procedures according to another embodiment of the invention.
  • FIG. 1 shows an exemplary network topology of a wireless communication system according to an embodiment of the invention.
  • the wireless communication system 100 comprises one or more Base Stations (BS) 101 and 102 in one or more sectors 105 and 106 that receive, transmit, repeat, etc., wireless communication signals and provide services to each other and/or to one or more Mobile Stations (MS) 103 and 104 .
  • the wireless communication system 100 further comprises one or more network device 107 in the backbone network (also referred as a Core Network (CN)) that communicates with the BSs to provide and maintain services for the BSs.
  • the MS may be a mobile phone, a computer, a notebook, a PDA, a CPE . . .
  • BSs 101 and 102 may be connected to an infrastructure network (e.g. the Internet) and, therefore, provide connectivity to the Internet.
  • the BSs 101 and 102 may facilitate peer-to-peer communication service (e.g. communication directly between MSs 103 and 104 ).
  • the wireless communication system 100 may be configured as a WiMAX communication system or adopt technologies based on one or more specifications defined in the series of IEEE 802.16 related standards.
  • FIG. 2 shows a schematic view of a BS according to an embodiment of the invention.
  • the BS 101 may comprise a baseband module 111 a radio transceiver module 112 and a network interface module 113 .
  • the radio transceiver module 112 may comprise one or more antennas, a receiver chain to receive wireless radio frequency signals and convert the received signals to baseband signals to be processed by the baseband module 111 , and a transmitter chain to receive baseband signals from the baseband module 111 and convert the received signals to wireless radio frequency signals to be transmitted to the air interface.
  • the radio transceiver module 112 may comprise a plurality of hardware devices to perform radio frequency conversion.
  • the network interface module 113 is coupled to the baseband module 111 and used to communicate with the network devices in the backbone network, such as the network device 107 as shown in FIG. 1 .
  • the baseband module 111 further converts the baseband signals to a plurality of digital signals, and processes the digital signals, and vice versa.
  • the baseband module 111 may also comprise a plurality of hardware devices to perform baseband signal processing.
  • the baseband signal processing may comprise Analog to Digital Conversion (ADC)/Digital to Analog Conversion (DAC), gain adjustments, modulation/demodulation, encoding/decoding, and so on.
  • the baseband module 111 further comprises a processor 114 and a memory 115 .
  • BSs 101 and 102 broadcast certain system information.
  • the memory 115 may store the system information of the base station 101 , and further store a plurality of software/firmware code or instructions to provide and maintain the wireless communication services.
  • the processor 114 executes the code and/or instructions stored in the memory 115 , and controls the operations of memory 115 , the baseband module 111 and the radio transceiver module 112 .
  • FIG. 3 shows a schematic view of a MS according to an embodiment of the invention.
  • the MS 103 may comprise a baseband module 131 , a radio transceiver module 132 and selectively comprise a subscriber identity card 133 .
  • the radio transceiver module 132 receives wireless radio frequency signals, converts the received signals to baseband signals to be processed by the baseband module 131 , or receives baseband signals from the baseband module 131 and converts the received signals to wireless radio frequency signals to be transmitted to a peer device.
  • the radio transceiver module 132 may comprise a plurality of hardware devices to perform radio frequency conversion.
  • the radio transceiver module 132 may comprise a mixer to multiply the baseband signals with a carrier oscillated at the radio frequency of the wireless communication system.
  • the baseband module 131 further converts the baseband signals to a plurality of digital signals, and processes the digital signals, and vice versa.
  • the baseband module 131 may also comprise a plurality of hardware devices to perform baseband signal processing.
  • the baseband signal processing may comprise analog to digital conversion (ADC)/digital to analog conversion (DAC), gain adjustments, modulation/demodulation, encoding/decoding, and so on.
  • the baseband module 131 further comprises a memory device 135 and a processor 134 .
  • the memory 135 may store a plurality of software/firmware code or instructions to maintain the operation of the MS.
  • the memory device 135 may also be configured outside of the baseband module 131 and the invention should not be limited thereto.
  • the processor 134 executes code or the instructions stored in the memory 135 and controls the operations of the baseband module 131 , the radio transceiver module 132 , and the plugged subscriber identity card 133 , respectively.
  • the processor 134 may read data from the plugged subscriber identity card 133 and writes data to the plugged subscriber identity card 133 .
  • the MS 103 may also comprise other types of identity module instead of the subscriber identity card 133 and the invention should not be limited thereto.
  • the BS and the terminal identify communication parties through an authentication procedure.
  • the procedure may be done by Extensible Authentication Protocol based (EAP-based) authentication.
  • EAP-based Extensible Authentication Protocol based
  • an Authorization Key (AK) context is derived by the MS and BS, respectively, so as to be used as a shared secret in encryption and integrity protection.
  • the AK context comprises a plurality of keys for message integrity protection.
  • FIG. 4 shows a schematic diagram illustrating an AK context generation procedure according to an embodiment of the invention.
  • a Master Session Key is firstly generated via the EAP-based authentication.
  • the MSK is an unique key shared between the MS and BS.
  • the MSK is truncated to generate the Pairwise Master Key (PMK), and the AK is then generated via the Dot16KDF operation according to the PMK, MS Media Access Control layer (MAC) address and the Base Station Identifier (BSID).
  • Two pre-keys CMAC_PREKEY_D and CMAC_PREKEY_U and a Key Encryption Key (KEK) are then generated via the Dot16KDF operation according to the AK, MS MAC address and the BSID.
  • the KEK is also a secret key shared between the MS and the BS for encrypting Traffic Encryption Key (TEK).
  • TEK Traffic Encryption Key
  • two message authentication keys CMAC_KEY_U and CMAC_KEY_D for protecting the integrity of uplink and downlink management message are generated via the Advanced Encryption Standard (AES) operation according to the pre-keys CMAC_PREKEY_D and CMAC_PREKEY_U and a count value CMAC_KEY_COUNT, respectively.
  • the count value CMAC_KEY_COUNT is used to differentiate new keys from the old ones.
  • the count value CMAC_KEY_COUNT is incremented for the new generation of the keys as illustrated above so as to assure the freshness of the keys.
  • the BS is capable of establishing multiple service flows for the MS.
  • SA Security Association
  • An SA is identified by an SA identifier (SAID) and describes the cryptographic algorithms used to encrypt and decrypt the data traffic.
  • SAID SA identifier
  • the SA may be negotiated in an SA-TEK 3-way handshake stage.
  • the MS could tell BS its capability in a request message SA-TEK-REQ, and the SA (including the SAID) established by the BS may be carried in a response message SA-TEK-RSP so as to be transmitted to the MS.
  • the MS may also obtain the SA in other specific way as known by the persons with ordinary skill in the art and the invention should not be limited thereto.
  • For each SA one or more TEK is generated and shared between the MS and the BS to be the encryption and decryption key in the cryptographic function.
  • the TEKs are randomly generated by the BS, and distributed to the MS in a secure way.
  • the traffic data transmission is inevitably interrupted during the time period after a handover request message is sent and until the TEK is received and decrypted, wherein the long interruption time period seriously degrades the quality of the communication service.
  • a novel TEK generation method and a substantially seamless handover procedure are provided.
  • FIG. 5 shows a schematic diagram illustrating the initial network entry and handover operation procedures according to an embodiment of the invention.
  • the SBS is a serving BS (such as the BS 101 shown in FIG. 1 ) that originally serves the MS (such as the MS 103 shown in FIG. 1 )
  • the TBS is a target BS (such as the BS 102 shown in FIG. 1 ) that the MS plans to handover the communication service to
  • the Authenticator may be one of the network devices in the backbone network (such as the network device 107 shown in FIG. 1 ) for storing the security-related information and handling the security-related procedures in the communication system.
  • the MS and the TBS may generate the TEKs, respectively, without any message exchange therebetween before entering the network re-entry stage.
  • the TEKs may be derived by the MS and the TBS, respectively, in the steps S 516 and S 517 as shown in FIG. 5 .
  • the TEKs may be generated according to a TEK derivation function to guarantee the uniqueness of the TEKs.
  • FIG. 6 shows a schematic diagram of a communication network for illustrating the TEK generation concept according to an embodiment of the invention.
  • the TEK is preferably derived according to the secret key shared between the MS and the TBS and the information known by the MS and the TBS.
  • the TEK derivation may be designed as:
  • TEK Function(KEK,Sequence Number,SAID,CMAC_KEY_COUNT) Eq. 1
  • the function as introduced in Eq. 1 uses four input parameters KEK, Sequence Number, SAID and CMAC_KEY_COUNT to generate new TEKs.
  • the input parameter KEK is the secret key shared between the BS and MS to guarantee that at a time, the TEKs are different between different MSs in the same BS. Since the KEK of a specific MS is different from the KEKs of the other MSs connecting to the same BS, the KEK may be used to distinguish between different MSs connecting to the BS.
  • the input parameter Sequence Number is a count value incremented every time when a new TEK is generated to guarantee that for an SA, the newly generated TEK is different from the old TEKs.
  • the TBS may reset the Sequence Number of the MS and let it start from zero in the TEK Derivation step S 516 and S 517 as shown in FIG. 5 . Since the Sequence Number is incremented every time when a new TEK is generated, the TEK Sequence Number may be used to distinguish between different generations of the TEK of the same SA in the same MS.
  • the input parameter SAID is the identifier for each SA to guarantee that the MS has different TEKs for different SAs. Since the SAID is an identifier of an SA established by the BS for the MS and corresponding to the TEK, the SAID may be used to distinguish between the TEKs of the different SAs in the same MS.
  • the input parameter CMAC_KEY_COUNT is a count value used to differentiate new Cipher Message Authentication Code (CMAC) key from the old one so as to guarantee that for an MS, the TEKs are different in each handover to a TBS, even if the TBS has been visited during the AK lifetime as defined by the corresponding standards.
  • the count value CMAC_KEY_COUNT may be incremented in each reentry of a BS and used to distinguish between different generations of message authentication keys in each reentry to the same BS.
  • the count value CMAC_KEY_COUNT is a value used to distinguish between different generations of the keys of the AK context of the MS
  • the count value CMAC_KEY_COUNT may be used to guarantee that the derived TEK is different from TEKs of the same SA in the same MS in the previous visit to the TBS.
  • the TEK derivation function may use the KEK as the encryption key, and use the rest of the input parameters as the plaintext data in a cryptographic function.
  • the cryptographic function may be the AES Electronic Code Book mode (AES-ECB), Triple-Data Encryption Standard (3-DES), International Data Encryption Algorithm (IDEA) . . . etc.
  • AES-ECB AES Electronic Code Book mode
  • 3-DES Triple-Data Encryption Standard
  • IDEA International Data Encryption Algorithm
  • the TEK derivation function may be expressed as:
  • TEK AES_ECB(KEK,SAID
  • the TEK derivation function may also be expressed as:
  • TEK AES_EDE(KEK,SAID
  • the cryptographic function may also be the cryptographic function Dot16KDF as adopted by the WiMAX standards and the TEK derivation function may be expressed as:
  • TEK Dot16KDF(KEK,SAID
  • the TEK since the TEK may be individually generated by the MS and the BS, it is preferably to negotiate the capability of a new TEK derivation in advance before performing the TEK derivation steps.
  • the MS and the SBS communicate with each other to perform a plurality of network entry related procedures, including capability negotiation, authentication, registration, and so on.
  • the MS and the SBS may inform each other of whether the TEK derivation is supported during handover in the initial network entry stage.
  • the notification may be carried out in the capability negotiation step (step S 510 ) as shown in FIG. 5 .
  • the capability negotiation is performed by transmitting the corresponding management messages to negotiate the basic capability supported by the MS and the BS.
  • the MS may inform the BS about whether handover is supported by the MS via a corresponding flag carried in the corresponding negotiation message, what kinds of cipher functions are supported by the MS, and the BS may also inform the MS about whether handover is supported by the BS and what kinds of cipher functions are supported by the BS, correspondingly.
  • the negotiation of the TEK derivation capability may be easily implemented by simply adding a flag to indicate the capability of the TEK derivation for the MS and the BS.
  • the flag for support of TEK derivation capability flag is not necessary named “TEK derivation support”. It can be other capability support flag including the support of the TEK derivation capability such as “seamless handover support”.
  • the MS After the network entry stage, the MS begins to access the network and uses the services provided by the SBS. Assuming that the MS or the SBS determines to handover the MS to the TBS (step S 511 ) according to some predetermined handover criteria defined by the corresponding specifications, a handover negotiation stage may be entered to perform the essential handover operations. In the handover negotiation stage, the MS and the SBS perform handover handshake operations (step S 512 ) and the SBS, TBS and Authenticator perform Core Network handover operations (step S 513 ). According to an embodiment of the invention, the SBS may inform the MS about the TEK derivation capability of the TBS during the handover handshake operations.
  • the SBS may carry a flag indicating the TEK derivation capability of the TBS in a handover request message when the handover procedure is initiated by the SBS, or may carry the flag in a handover response message when the handover procedure is initiated by the MS.
  • the TBS may also negotiate with the SBS and the Authenticator during the Core Network handover operations to obtain the information of the MS (which will be illustrated in detail in the following paragraphs).
  • the flag for support of TEK derivation capability flag is not necessary named “TEK derivation support”. It can be other capability support flag including the support of the TEK derivation capability such as “seamless handover support”.
  • a security key generation stage is entered.
  • the AK context may first be generated by the MS (step S 514 ) and by the TBS (step S 515 ), respectively.
  • the AK context may also be generated by the Authenticator or any other network devices in the Core Network (for example, in the Core Network handover operation step S 513 as shown in FIG. 5 ), and forwarded to the TBS.
  • the invention should not be limited thereto.
  • the AK context may be updated according to the procedures as illustrated in FIG. 4 and the corresponding paragraphs.
  • the TEK may be derived by the MS (step S 516 ) and by the TBS (step S 517 ), respectively, according to the TEK derivation functions as shown in Eq. 1 to Eq. 4, or the likes.
  • the traffic data transmission may begin.
  • the MS may encrypts and/or decrypts the traffic data and transmits and/or receives the encrypted traffic data to and/or from the TBS before performing a handover procedure for the TBS in the network re-entry stage. Since the traffic data transmission may begin right after the TEKs are derived, a substantially seamless handover may be achieved.
  • the MS and the TBS may further confirm the identity of each other in the network re-entry stage. Because the ranging request message RNG_REQ and the ranging response message RNG_RSP carry plurality of parameters that may be used to authenticate the identity of the MS and the BS, the MS and the TBS may mutually verify the identity of each other.
  • the ranging request and ranging response messages may carry the MS identity, the count value CMAC_KEY_COUNT and a CMAC digest generated according to the message authentication keys CMAC_KEY_U and CMAC_KEY_D, where both of the count value CMAC_KEY_COUNT and the CMAC digest may be used to authenticate the sender.
  • the CMAC digest may be derived via a Cipher-based Message Authentication Code (CMAC) function that calculates over some predetermined information by using a secret key CMAC_KEY_U as the message authentication key.
  • CMAC Cipher-based Message Authentication Code
  • FIG. 7 to FIG. 11 show the message flows of initial network entry and handover operation procedures under different circumstances according to an embodiment of the invention. Referring to FIG. 7 , MS initiated handover procedures are illustrated. The TEK derivation capability of the MS and the SBS is negotiated via the capability negotiation message in the initial network entry stage.
  • the MS may inform the SBS about whether the TEK derivation (or generation) is supported at the MS side via a flag TEK_GEN_SUPPORTED carried in the capability negotiation message.
  • the SBS may also inform the MS about whether the TEK derivation is supported at the SBS side via the flag TEK_GEN_SUPPORTED carried in the capability negotiation message.
  • the MS determines that the signal quality of the SBS is becoming weaker and initiation of handover procedure is required, the MS sends a handover request message MSHO_REQ to the SBS. After receiving the MSHO_REQ message, the SBS performs Core Network handover operations with the TBS, the Authenticator and/or other network devices in the backbone network.
  • the SBS may inform the TBS of the handover requirement of the MS via the message HO_REQ, and may also be informed of whether the TEK derivation is supported at the TBS side via any response messages.
  • the TBS may acquire the count value CMAC_KEY_COUNT of the MS from the Authenticator.
  • the count value CMAC_KEY_COUNT recorded by the Authenticator is notated by CMAC_KEY_COUNT_N (N represents the network side).
  • CMAC_KEY_COUNT_N represents the network side.
  • the SBS responds to the handover request message by the message BSHO_RESP.
  • the SBS may inform the MS about whether the TEK derivation is supported at the TBS side via the flag TEK_GEN_SUPPORTED_BY_TBS carried in the response message.
  • the flag for support of TEK derivation capability flag is not necessary named “TEK_GEN_SUPPORTED_BY_TBS”. It can be other capability support flag including the support of the TEK derivation capability such as “SEAMLESS_HO_SUPPORTED_BY_TBS”.
  • the handover handshake is completed after the MS sends out a handover indication message HO_IND.
  • the security key generation stage may be entered after the handover handshake is completed.
  • the MS and the TBS may generate a new AK context according to the procedures as illustrated in FIG. 4 , and may derive new TEKs according to the TEK derivation function as shown in Eq. 1 to Eq. 4, or the likes, respectively.
  • the MS and TBS should keep the synchronization of CMAC_KEY_COUNT values used in deriving AK context and TEK values.
  • the TBS should sets its CMAC_KEY_COUNT value (denoted as CMAC_KEY_COUNT_TBS) as CMAC_KEY_COUNT_N plus 1.
  • CMAC_KEY_COUNT_TBS CMAC_KEY_COUNT_N plus 1.
  • a further identity confirmation is performed in the network re-entry stage.
  • a new flag TEK_GEN_SUCCESS may be added in the ranging request message RNG_REQ to indicate that the TEKs have been generated successfully at the MS by using the count value (CMAC_KEY_COUNT_M) carried in the ranging request message.
  • CMAC_KEY_COUNT_M the count value carried in the ranging request message.
  • the flag for TEKs have not been generated is not necessary named “TEK_GEN_SUCCESS”. It can be other flag indicating that TEKs have been generated successfully such as “Seamless HO indication” in RNG-REQ message.
  • the TBS may also inform the MS about whether the TEKs have been generated successfully via an additional flag.
  • the TBS may inform the MS that the TEKs have been generated successfully at the TBS by using the count value carried in the ranging request message via the flag TEK_GEN_SUCCESS in the ranging response message RNG_RSP when the TBS verifies that the count value carried in the ranging request message equals to the count value CMAC_KEY_COUNT_TBS maintained by the TBS.
  • the flag for TEKs have been generated successfully is not necessary named “TEK_GEN_SUCCESS”. It can be other existing flags indicating that TEKs have been generated successfully such as HO optimization bits in RNG-RSP message.
  • FIG. 8 shows the message flows of initial network entry and handover operation procedures according to an embodiment of the invention, wherein in this embodiment, the handover is initiated by the SBS.
  • the MS may inform the SBS about whether the TEK derivation (or generation) is supported at the MS side via a flag TEK_GEN_SUPPORTED carried in the capability negotiation message.
  • the SBS may also inform the MS about whether the TEK derivation is supported at the SBS side via the flag TEK_GEN_SUPPORTED carried in the capability negotiation message.
  • the SBS When the SBS determines that the signal quality of the MS is becoming weaker and determines initiation of the handover procedure, the SBS performs Core Network handover operations with the TBS, the Authenticator and/or other correlated network devices in the backbone network.
  • the SBS may inform the TBS of the handover requirement via the message HO_REQ, and may also be informed of whether the TEK derivation is supported at the TBS side via a response message.
  • the TBS may acquire the count value CMAC_KEY_COUNT (and information about the value TEK sequence number) of the MS from the Authenticator.
  • the SBS may inform the MS about whether the TEK derivation is supported at the TBS side via the flag TEK_GEN_SUPPORTED_BY_TBS carried in the handover request message BSHO_REQ.
  • the flag for support of TEK derivation capability flag is not necessary named “TEK_GEN_SUPPORTED_BY_TBS”. It can be other capability support flag including the support of the TEK derivation capability such as “SEAMLESS_HO_SUPPORTED_BY_TBS”.
  • the handover handshake is completed after the MS sends out the handover indication message HO_IND.
  • the security key generation stage may be entered after the handover handshake is completed.
  • the MS and the TBS generate new AK context according to the procedures as illustrated in FIG. 4 , and derive new TEKs according to the TEK derivation function as shown in Eq. 1 to Eq. 4, or the likes, respectively.
  • the count value CMAC_KEY_COUNT_M may be updated by the MS in the AK context generation step.
  • MS and TBS should keep the synchronization of CMAC_KEY_COUNT_M and CMAC_KEY_COUNT_TBS used in AK context and TEK derivation.
  • the traffic data may be encrypted by the newly derived TEKs and the traffic data transmission may begin. Since newly derived TEKs are identical at the MS and the TBS sides, the encrypted traffic data may be decrypted and decoded correctly by the MS and the TBS, respectively.
  • a further identity confirmation is performed in the network re-entry stage.
  • the flag TEK_GEN_SUCCESS (value is set to one) may be carried in the ranging request message RNG_REQ to indicate that the TEKs have been generated successfully at the MS by using the count value count value (CMAC_KEY_COUNT_M) carried in the ranging request message.
  • the TBS may also inform the MS that the TEKs have been generated successfully at the TBS by using the count value carried in the ranging request message via the flag TEK_GEN_SUCCESS set to one in the ranging response message RNG_RSP when the TBS verifies that the count value carried in the ranging request message equals to the count value CMAC_KEY_COUNT_TBS maintained by the TBS.
  • the flag for TEKs have been generated successfully is not necessary named “TEK_GEN_SUCCESS”. It can be other existing flags indicating that TEKs have been generated successfully such as HO optimization bits in RNG-RSP message.
  • FIG. 9 shows the message flows of initial network entry and handover operation procedures according to an embodiment of the invention, wherein in this embodiment, the handover negotiation is uncompleted and error recovery procedure is applied.
  • the MS and the SBS determine that the signal quality is becoming weaker and determine initiation of the handover procedure.
  • the handover request and/or handover indication message(s) is unable to be propagated to the other sides due to bad network conditions. As shown in FIG.
  • the TBS is informed of the handover request from the SBS, but the MS is not aware of the handover request due to the transmission failure of the handover request messages BSHO_REQ and MSHO_REQ/HO_IND.
  • the MS may give up the handover negotiation and directly connect to the TBS to handover the communication service to the TBS.
  • the TBS generates a new AK context and derives new TEKs, but the MS does not generate a new AK context and derive new TEKs (the count value CMAC_KEY_COUNT_M may, however, still be incremented because of the handover operation).
  • a flag TEK_GEN_SUCCESS (value is set to zero to indicate no TEKs have been generated) may be carried in the ranging request message RNG_REQ to indicate that the TEKs have not been generated at the MS by using the count value (CMAC_KEY_COUNT_M) carried in the ranging request message.
  • CMAC_KEY_COUNT_M the count value carried in the ranging request message.
  • the flag for TEKs have not been generated is not necessary named “TEK_GEN_SUCCESS”. It can be other flag indicating that TEKs have been generated successfully such as “Seamless HO indication” in RNG-REQ message.
  • the TBS may decide whether to reuse the previous TEKs before handover, or re-generate TEKs by using the default method (for example, randomly generate) and send the newly derived TEKs to the MS.
  • the TBS informs the MS that the TEKs have not been generated successfully at the TBS by using the count value carried in the ranging request message via the flag TEK_GEN_SUCCESS set to zero, and informs the MS about whether to use the previous TEKs before handover via the flag USE_PREVIOUS_TEK in the ranging response message RNG_RSP.
  • the MS determines whether to reuse the previous TEKs before handover or use the TEKs generated by the new SBS (i.e. the TBS shown in FIG. 9 ) according to the flag USE_PREVIOUS_TEK. In this manner, inconsistency errors of the TEK can be recovered in the network re-entry stage.
  • the flag for TEKs have not been generated is not necessary named “TEK_GEN_SUCCESS”. It can be other existing flags indicating that TEKs have been generated successfully such as HO optimization bits in RNG-RSP message.
  • FIG. 10 shows the message flows of initial network entry and handover operation procedures according to an embodiment of the invention, wherein in this embodiment, the TEK derivation has failed and an error recovery procedure is applied.
  • the handover handshake in the handover negotiation stage is completed, but the TEKs derivation at the TBS side has failed.
  • the failure of the new TEKs derivation causes traffic data transmission failure because the MS and TBS can not decrypt and decode the traffic data successfully.
  • a flag TEK_GEN_SUCCESS may be carried in the ranging request message RNG_REQ to indicate that the TEKs have been generated successfully at the MS by using the count value (CMAC_KEY_COUNT_M) carried in the ranging request message.
  • the TBS may decide whether to reuse the previous TEKs before handover, or re-generate TEKs by using the default method and send the newly derived TEKs to the MS after receiving the ranging request message.
  • the TBS informs the MS that the TEKs have not been generated successfully at the TBS by using the count value carried in the ranging request message via the flag TEK_GEN_SUCCESS set to zero, and informs the MS whether to use the previous TEKs before handover via the flag USE_PREVIOUS_TEK in the ranging response message RNG_RSP.
  • the MS determines whether to reuse the previous TEKs before handover or use the TEKs generated by the new SBS (i.e. the TBS shown in FIG. 10 ) according to the flag USE_PREVIOUS_TEK. In this manner, the TEK inconsistence error could be recovered in the network re-entry stage.
  • FIG. 11 shows the message flows of initial network entry and handover operation procedures according to an embodiment of the invention, wherein in this embodiment, the count values CMAC_KEY_COUNT_M and CMAC_KEY_COUNT_TBS are inconsistent and error recovery procedure is applied.
  • the count values CMAC_KEY_COUNT_M and CMAC_KEY_COUNT_TBS are inconsistent and error recovery procedure is applied.
  • the handover handshake in the handover negotiation stage is completed and the security key has been generated successfully by the MS and the TBS.
  • the count values CMAC_KEY_COUNT_M and CMAC_KEY_COUNT_TBS obtained by the MS and the TBS are inconsistent.
  • the MS may get the unsynchronized count value and derive the TEKs with the unsynchronized count value.
  • the TEKs derived by the MS and the TBS may be inconsistent and the traffic data transmission may fail because the MS and TBS can not decrypt and decode the traffic data successfully with different TEKs.
  • a flag TEK_GEN_SUCCESS may be carried in the ranging request message RNG_REQ to indicate that the TEKs have been generated successfully at the MS by using the count value (CMAC_KEY_COUNT_M) carried in the ranging request message.
  • CMAC_KEY_COUNT_M the count value carried in the ranging request message.
  • the TBS determines that the count value CMAC_KEY_COUNT_M of the MS is larger than the count value CMAC_KEY_COUNT_TBS obtained by the TBS, the TBS next may decide whether to reuse the previous TEKs before handover, or re-derive TEKs using CMAC_KEY_COUNT_M according to the TEK derivation functions as shown in Eq. 1 to Eq.
  • the TBS informs the MS that the TEKs have not been generated successfully at the TBS by using the count value carried in the ranging request message via the flag TEK_GEN_SUCCESS set to zero, and informs the MS whether to use the previous TEKs before handover via the flag USE_PREVIOUS_TEK in the ranging response message RNG_RSP.
  • the MS determines whether to reuse the previous TEKs before handover or use the TEKs generated by the new SBS (i.e. the TBS shown in FIG. 11 ) according to the flag USE_PREVIOUS_TEK. In this manner, inconsistency errors of the count value can be recovered in the network re-entry stage.
  • the count value CMAC_KEY_COUNT may only be updated to the Core Network in the initial network entry stage and in the network re-entry stage, the count value CMAC_KEY_COUNT_M maintained by the MS and the count value CMAC_KEY_COUNT_TBS obtained by the TBS may be different. Therefore, the count value is preferably synchronized in advance.
  • the MS may synchronize the count value CMAC_KEY_COUNT_M with the TBS in the handover handshake stage.
  • the MS may transmit the count value CMAC_KEY_COUNT_M to any network device in the Core Network, and the network device then relay the count value to the TBS.
  • the MS may transmit the count value CMAC_KEY_COUNT_M to the Authenticator, and then the Authenticator may relay the count value to the TBS.
  • FIG. 12 shows the message flows of handover operation procedures according to an embodiment of the invention.
  • the MS may generate a new AK context and update the count value CMAC_KEY_COUNT_M for the handover in the handover negotiation stage.
  • the updated count value CMAC_KEY_COUNT_M may be transmitted to the SBS via the handover indication message, or transmitted to any other network device in the Core Network via the corresponding messages.
  • the count value CMAC_KEY_COUNT_M may be further relayed by any network devices in the Core Network to finally arrive at the TBS side.
  • the SBS relays the information via an indication message CMAC_KEY_COUNT_UPDATE.
  • the MS may verify to the TBS that the count value CMAC_KEY_COUNT_M has been actually sent by the MS and has not been modified by any third party via the CKC_INFO carried in the handover indication message HO_IND.
  • the CKC_INFO may be generated according to at least one secret key shared with the TBS and at least one information known by the TBS.
  • the CKC_INFO may be obtained according to:
  • the CKC_Digest may be generated according to any secret key or information shared between the MS and the TBS, and the operation “
  • the CKC_Digest may be derived via a Cipher-based Message Authentication Code (CMAC) function that receives some shared information as the plaintext data and encrypts the information by using a secret key CMAC_KEY_U as the cipher key.
  • CMAC Cipher-based Message Authentication Code
  • the AKID is the identity of the AK from which the CMAC_KEY_U is derived
  • the CMAC_PN CMAC Packet Number
  • the TBS may check the integrity and the origin of the count value to verify the authenticity of this information, and update the count value CMAC_KEY_COUNT_TBS when the received count value CMAC_KEY_COUNT_M passes the verification.
  • the TBS may acquire the count value CMAC_KEY_COUNT_N from Core Network, and verify the CKC_Info by the obtained count value CMAC_KEY_COUNT_N. According to an embodiment of the information, the TBS first determines whether the obtained count value CMAC_KEY_COUNT_M is greater than or equal to the count value CMAC_KEY_COUNT_N.
  • the count value CMAC_KEY_COUNT_M may be updated every time when the MS plans to perform a handover procedure, the count value CMAC_KEY_COUNT_M should be greater than or equal to the count value CMAC_KEY_COUNT_N uploaded to the Core Network in the initial network entry stage or network re-entry stage.
  • the TBS derives the AK context with the received CMAC_KEY_COUNT_M, and verifies the integrity of the MS by using the key in the AK context. As an example, the TBS verify the CKC_Digest as shown in Eq.
  • the traffic data transmission may begin after the TEKs are respectively derived by the MS and the TBS according to the synchronized CMAC_KEY_COUNT_M and CMAC_KEY_COUNT_TBS.
  • the AK context may also be generated by the Authenticator or any other network devices in the Core Network, and forwarded to the TBS.
  • the count value CMAC_KEY_COUNT_M may be updated to the Core Network in the Network re-entry stage (not shown).
  • FIG. 13 shows the message flows of handover operation procedures according to another embodiment of the invention.
  • the MS may update the count value CMAC_KEY_COUNT_M for the handover in the handover negotiation stage.
  • the updated count value CMAC_KEY_COUNT_M may be transmitted to the SBS via the handover request message.
  • the SBS may verify the count value CMAC_KEY_COUNT_M by determining whether the count value CMAC_KEY_COUNT_M is greater than or equal to the count value CMAC_KEY_COUNT_SBS maintained by the SBS.
  • the SBS may further transmit the count value CMAC_KEY_COUNT_M to the Authenticator via any message.
  • the SBS transmits the count value CMAC_KEY_COUNT_M via an indication message CMAC_KEY_COUNT_UPDATE to the Authenticator as shown in FIG. 13 .
  • the Authenticator may next forward the count value CMAC_KEY_COUNT_M to the TBS via, as an example, a HO_INFO_IND message.
  • the MS since the TBS trusts the Authenticator, the MS doesn't need to transmit any additional information to verify integrity.
  • the TBS may generate the AK context and derive the TEKs according to the count value CMAC_KEY_COUNT_M.
  • the traffic data transmission may begin after the TEKs are respectively derived by the MS and the TBS according to the synchronized count values.
  • the AK context may also be generated by the Authenticator or any other network devices in the Core Network, and forwarded to the TBS. Thus, the invention should not be limited thereto.
  • the count value CMAC_KEY_COUNT_M may be updated to the Core Network in the Network re-entry stage (not shown).
  • the TEKs derived by the MS and the TBS are consistent and the traffic data can be decrypted and decoded correctly.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
US12/432,841 2008-04-30 2009-04-30 Method for deriving traffic encryption key Abandoned US20090274302A1 (en)

Priority Applications (6)

Application Number Priority Date Filing Date Title
US12/432,841 US20090274302A1 (en) 2008-04-30 2009-04-30 Method for deriving traffic encryption key
JP2011506564A JP5225459B2 (ja) 2008-04-30 2009-04-30 トラフィック暗号化キーの派生方法
PCT/CN2009/071612 WO2009132599A1 (en) 2008-04-30 2009-04-30 Method for deriving traffic encryption key
CN2009800001444A CN101682931B (zh) 2008-04-30 2009-04-30 移动台、基站及流量加密密钥的产生方法
TW098114361A TWI507059B (zh) 2008-04-30 2009-04-30 行動台、基地台及流量加密密鑰之產生方法
EP09737709.7A EP2277351A4 (en) 2008-04-30 2009-04-30 METHOD FOR LEADING A TRAFFIC ENCRYPTION KEY

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US4896508P 2008-04-30 2008-04-30
US5181908P 2008-05-09 2008-05-09
US5304108P 2008-05-14 2008-05-14
US12/432,841 US20090274302A1 (en) 2008-04-30 2009-04-30 Method for deriving traffic encryption key

Publications (1)

Publication Number Publication Date
US20090274302A1 true US20090274302A1 (en) 2009-11-05

Family

ID=41254780

Family Applications (1)

Application Number Title Priority Date Filing Date
US12/432,841 Abandoned US20090274302A1 (en) 2008-04-30 2009-04-30 Method for deriving traffic encryption key

Country Status (6)

Country Link
US (1) US20090274302A1 (zh)
EP (1) EP2277351A4 (zh)
JP (1) JP5225459B2 (zh)
CN (1) CN101682931B (zh)
TW (1) TWI507059B (zh)
WO (1) WO2009132599A1 (zh)

Cited By (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090307496A1 (en) * 2008-06-03 2009-12-10 Lg Electronics Inc. Method of deriving and updating traffic encryption key
US20100205442A1 (en) * 2009-02-12 2010-08-12 Lg Electronics Inc. Method and apparatus for traffic count key management and key count management
US20100257364A1 (en) * 2009-04-02 2010-10-07 Samsung Electronics Co., Ltd. Apparatus and method for processing authentication of handover ranging message in wireless communication system
US20110026714A1 (en) * 2009-07-29 2011-02-03 Motorola, Inc. Methods and device for secure transfer of symmetric encryption keys
US20110107085A1 (en) * 2009-10-30 2011-05-05 Mizikovsky Semyon B Authenticator relocation method for wimax system
CN102111761A (zh) * 2009-12-28 2011-06-29 深圳华为通信技术有限公司 密钥管理方法及设备
US20110194531A1 (en) * 2010-02-08 2011-08-11 Lg Electronics Inc. Method of network re-entry in a broadband wireless access system
WO2011109795A2 (en) * 2010-03-05 2011-09-09 Intel Corporation Local security key update at a wireless communication device
WO2011137823A1 (zh) * 2010-08-02 2011-11-10 华为技术有限公司 密钥隔离方法和装置
US20130129091A1 (en) * 2011-11-17 2013-05-23 Samsung Electronics Co., Ltd. Method and apparatus for managing security keys for communication authentication with mobile station in wireless communication system
US20130263286A1 (en) * 2010-12-16 2013-10-03 France Telecom A method of authenticating a user of a terminal with a service provider
US20140120874A1 (en) * 2012-10-25 2014-05-01 Samsung Electronics Co., Ltd Method and device for managing security key for communication authentication of subscriber station used in cooperative communication of multiple base station in radio communication system
US20140155056A1 (en) * 2011-08-11 2014-06-05 Nec Corporation Mobile radio communications network optimisation
US20140335861A1 (en) * 2013-05-08 2014-11-13 Nokia Siemens Networks Oy Methods and Apparatus for Handover Management
US20150038148A1 (en) * 2013-08-01 2015-02-05 Electronics And Telecommunications Research Institute Method and apparatus for handover based on cooperation between base stations
US20150140968A1 (en) * 2010-03-17 2015-05-21 Telefonaktiebolaget L M Ericsson (Publ) Enhanced Key Management For SRNS Relocation
US9549350B2 (en) 2013-04-15 2017-01-17 Nokia Solutions And Networks Oy Methods and apparatus for handover management
US20170134996A1 (en) * 2014-06-23 2017-05-11 Nec Corporation Communication system adapted for key derivation during handover
US10938556B2 (en) * 2017-12-01 2021-03-02 Idemia Identity & Security France Method of sharing a key serving to derive session keys for encrypting and authenticating communications between an object and a server
US11395164B2 (en) * 2017-04-18 2022-07-19 Huawei Technologies Co., Ltd. Method, apparatus and computer-readable medium for terminal monitoring information synchronization

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012096496A2 (en) * 2011-01-10 2012-07-19 Samsung Electronics Co., Ltd. Method and apparatus for encrypting short data in a wireless communication system
KR101458479B1 (ko) * 2012-10-12 2014-11-07 한국전자통신연구원 세션상태정보의 암호화 및 복호화 방법
WO2017195719A1 (ja) * 2016-05-13 2017-11-16 京セラ株式会社 無線端末及び基地局
CN108282781A (zh) * 2017-01-06 2018-07-13 中兴通讯股份有限公司 移动过程中的数据传输的方法、终端和基站

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5778075A (en) * 1996-08-30 1998-07-07 Telefonaktiebolaget, L.M. Ericsson Methods and systems for mobile terminal assisted handover in an private radio communications network
US20060188098A1 (en) * 2005-02-21 2006-08-24 Seiko Epson Corporation Encryption/decryption device, communication controller, and electronic instrument
WO2007046630A2 (en) * 2005-10-18 2007-04-26 Lg Electronics Inc. Method of providing security for relay station
US20070192605A1 (en) * 2006-02-13 2007-08-16 Mizikovsky Simon B Method of cryptographic synchronization
US20070210894A1 (en) * 2003-10-31 2007-09-13 Ae-Soon Park Method for Authenticating Subscriber Station, Method for Configuring Protocol Thereof, and Apparatus Thereof in Wireless Protable Internet System
US20080080713A1 (en) * 2004-03-05 2008-04-03 Seok-Heon Cho Method For Managing Traffic Encryption Key In Wireless Portable Internet System And Protocol Configuration Method Thereof, And Operation Method Of Traffic Encryption Key State Machine In Subscriber Station
US20080137853A1 (en) * 2006-12-08 2008-06-12 Mizikovsky Semyon B Method of providing fresh keys for message authentication
US20090019284A1 (en) * 2005-03-09 2009-01-15 Electronics And Telecommunications Research Instit Authentication method and key generating method in wireless portable internet system
US7499548B2 (en) * 2003-06-24 2009-03-03 Intel Corporation Terminal authentication in a wireless network
US20090164788A1 (en) * 2006-04-19 2009-06-25 Seok-Heon Cho Efficient generation method of authorization key for mobile communication
US20090235075A1 (en) * 2005-06-10 2009-09-17 Seok-Heon Cho Method for managing group traffic encryption key in wireless portable internet system

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2788914B1 (fr) * 1999-01-22 2001-03-23 Sfr Sa Procede d'authentification, avec etablissement d'un canal securise, entre un abonne et un fournisseur de services accessible via un operateur de telecommunication
CN100388849C (zh) * 2003-12-18 2008-05-14 中国电子科技集团公司第三十研究所 数字蜂窝移动通信系统用户切换时密钥的管理分配传递方法
KR100684310B1 (ko) * 2004-03-05 2007-02-16 한국전자통신연구원 무선 휴대 인터넷 시스템에서의 트래픽 암호화 키 관리방법 및 그 프로토콜 구성 방법, 그리고 가입자단말에서의 트래픽 암호화 키 상태 머신의 동작 방법
WO2006096017A1 (en) * 2005-03-09 2006-09-14 Electronics And Telecommunications Research Institute Authentication method and key generating method in wireless portable internet system
US20060240802A1 (en) * 2005-04-26 2006-10-26 Motorola, Inc. Method and apparatus for generating session keys
US7602918B2 (en) * 2005-06-30 2009-10-13 Alcatel-Lucent Usa Inc. Method for distributing security keys during hand-off in a wireless communication system
CN101243719B (zh) * 2005-07-06 2012-10-17 诺基亚公司 安全的会话密钥上下文
CN1942002A (zh) * 2005-09-29 2007-04-04 华为技术有限公司 通信网络中终端切换后更新tek的实现方法
EP1841267B1 (en) * 2006-03-31 2019-06-12 Samsung Electronics Co., Ltd. System and method for optimizing authentication procedure during inter access system handovers
DE102006038591B4 (de) * 2006-08-17 2008-07-03 Siemens Ag Verfahren und Anordnung zum Bereitstellen eines drahtlosen Mesh-Netzwerks
KR20080033763A (ko) * 2006-10-13 2008-04-17 삼성전자주식회사 와이브로 네트워크에서의 상호인증을 통한 핸드오버 방법및 그 시스템

Patent Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5778075A (en) * 1996-08-30 1998-07-07 Telefonaktiebolaget, L.M. Ericsson Methods and systems for mobile terminal assisted handover in an private radio communications network
US7499548B2 (en) * 2003-06-24 2009-03-03 Intel Corporation Terminal authentication in a wireless network
US20070210894A1 (en) * 2003-10-31 2007-09-13 Ae-Soon Park Method for Authenticating Subscriber Station, Method for Configuring Protocol Thereof, and Apparatus Thereof in Wireless Protable Internet System
US20080080713A1 (en) * 2004-03-05 2008-04-03 Seok-Heon Cho Method For Managing Traffic Encryption Key In Wireless Portable Internet System And Protocol Configuration Method Thereof, And Operation Method Of Traffic Encryption Key State Machine In Subscriber Station
US20060188098A1 (en) * 2005-02-21 2006-08-24 Seiko Epson Corporation Encryption/decryption device, communication controller, and electronic instrument
US20090019284A1 (en) * 2005-03-09 2009-01-15 Electronics And Telecommunications Research Instit Authentication method and key generating method in wireless portable internet system
US20090235075A1 (en) * 2005-06-10 2009-09-17 Seok-Heon Cho Method for managing group traffic encryption key in wireless portable internet system
WO2007046630A2 (en) * 2005-10-18 2007-04-26 Lg Electronics Inc. Method of providing security for relay station
US20070192605A1 (en) * 2006-02-13 2007-08-16 Mizikovsky Simon B Method of cryptographic synchronization
US20090164788A1 (en) * 2006-04-19 2009-06-25 Seok-Heon Cho Efficient generation method of authorization key for mobile communication
US20080137853A1 (en) * 2006-12-08 2008-06-12 Mizikovsky Semyon B Method of providing fresh keys for message authentication

Cited By (31)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090307496A1 (en) * 2008-06-03 2009-12-10 Lg Electronics Inc. Method of deriving and updating traffic encryption key
US8738913B2 (en) * 2008-06-03 2014-05-27 Lg Electronics Inc. Method of deriving and updating traffic encryption key
US20100205442A1 (en) * 2009-02-12 2010-08-12 Lg Electronics Inc. Method and apparatus for traffic count key management and key count management
US8707045B2 (en) * 2009-02-12 2014-04-22 Lg Electronics Inc. Method and apparatus for traffic count key management and key count management
US20100257364A1 (en) * 2009-04-02 2010-10-07 Samsung Electronics Co., Ltd. Apparatus and method for processing authentication of handover ranging message in wireless communication system
US8509448B2 (en) * 2009-07-29 2013-08-13 Motorola Solutions, Inc. Methods and device for secure transfer of symmetric encryption keys
US20110026714A1 (en) * 2009-07-29 2011-02-03 Motorola, Inc. Methods and device for secure transfer of symmetric encryption keys
US20110107085A1 (en) * 2009-10-30 2011-05-05 Mizikovsky Semyon B Authenticator relocation method for wimax system
US8443431B2 (en) * 2009-10-30 2013-05-14 Alcatel Lucent Authenticator relocation method for WiMAX system
CN102111761A (zh) * 2009-12-28 2011-06-29 深圳华为通信技术有限公司 密钥管理方法及设备
US20110194531A1 (en) * 2010-02-08 2011-08-11 Lg Electronics Inc. Method of network re-entry in a broadband wireless access system
WO2011109795A2 (en) * 2010-03-05 2011-09-09 Intel Corporation Local security key update at a wireless communication device
US8855603B2 (en) 2010-03-05 2014-10-07 Intel Corporation Local security key update at a wireless communication device
WO2011109795A3 (en) * 2010-03-05 2012-01-26 Intel Corporation Local security key update at a wireless communication device
US9350537B2 (en) * 2010-03-17 2016-05-24 Telefonaktiebolaget Lm Erricsson (Publ) Enhanced key management for SRNS relocation
US20150140968A1 (en) * 2010-03-17 2015-05-21 Telefonaktiebolaget L M Ericsson (Publ) Enhanced Key Management For SRNS Relocation
US8934914B2 (en) 2010-08-02 2015-01-13 Huawei Technologies Co., Ltd. Key separation method and device
WO2011137823A1 (zh) * 2010-08-02 2011-11-10 华为技术有限公司 密钥隔离方法和装置
US20130263286A1 (en) * 2010-12-16 2013-10-03 France Telecom A method of authenticating a user of a terminal with a service provider
US10275580B2 (en) * 2010-12-16 2019-04-30 Orange Method of authenticating a user of a terminal with a service provider
US20140155056A1 (en) * 2011-08-11 2014-06-05 Nec Corporation Mobile radio communications network optimisation
US20130129091A1 (en) * 2011-11-17 2013-05-23 Samsung Electronics Co., Ltd. Method and apparatus for managing security keys for communication authentication with mobile station in wireless communication system
US9380459B2 (en) * 2011-11-17 2016-06-28 Samsung Electronics Co., Ltd. Method and apparatus for managing security keys for communication authentication with mobile station in wireless communication system
US20140120874A1 (en) * 2012-10-25 2014-05-01 Samsung Electronics Co., Ltd Method and device for managing security key for communication authentication of subscriber station used in cooperative communication of multiple base station in radio communication system
US9654969B2 (en) * 2012-10-25 2017-05-16 Samsung Electronics Co., Ltd. Method and device for managing security key for communication authentication of subscriber station used in cooperative communication of multiple base station in radio communication system
US9549350B2 (en) 2013-04-15 2017-01-17 Nokia Solutions And Networks Oy Methods and apparatus for handover management
US20140335861A1 (en) * 2013-05-08 2014-11-13 Nokia Siemens Networks Oy Methods and Apparatus for Handover Management
US20150038148A1 (en) * 2013-08-01 2015-02-05 Electronics And Telecommunications Research Institute Method and apparatus for handover based on cooperation between base stations
US20170134996A1 (en) * 2014-06-23 2017-05-11 Nec Corporation Communication system adapted for key derivation during handover
US11395164B2 (en) * 2017-04-18 2022-07-19 Huawei Technologies Co., Ltd. Method, apparatus and computer-readable medium for terminal monitoring information synchronization
US10938556B2 (en) * 2017-12-01 2021-03-02 Idemia Identity & Security France Method of sharing a key serving to derive session keys for encrypting and authenticating communications between an object and a server

Also Published As

Publication number Publication date
CN101682931B (zh) 2012-09-05
CN101682931A (zh) 2010-03-24
EP2277351A4 (en) 2015-12-23
WO2009132599A1 (en) 2009-11-05
JP5225459B2 (ja) 2013-07-03
EP2277351A1 (en) 2011-01-26
TWI507059B (zh) 2015-11-01
JP2011519235A (ja) 2011-06-30
TW200948160A (en) 2009-11-16

Similar Documents

Publication Publication Date Title
US20090274302A1 (en) Method for deriving traffic encryption key
US20090276629A1 (en) Method for deriving traffic encryption key
US8627092B2 (en) Asymmetric cryptography for wireless systems
US7793103B2 (en) Ad-hoc network key management
CA2662846C (en) Method and apparatus for establishing security associations between nodes of an ad hoc wireless network
US9332428B2 (en) Method and device for managing encrypted group rekeying in a radio network link layer encryption system
US20100211790A1 (en) Authentication
US20060233376A1 (en) Exchange of key material
US20120017088A1 (en) Wireless local area network terminal pre-authentication method and wireless local area network system
US9143321B2 (en) Communication protocol for secure communications systems
US20050086481A1 (en) Naming of 802.11 group keys to allow support of multiple broadcast and multicast domains
CA2865314C (en) Communication protocol for secure communications systems
US9071964B2 (en) Method and apparatus for authenticating a digital certificate status and authorization credentials
KR20080090733A (ko) 다중 홉 기반의 광대역 무선통신 시스템에서 보안연결 방법및 시스템

Legal Events

Date Code Title Description
AS Assignment

Owner name: MEDIATEK INC., TAIWAN

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:WU, LIN-YI;LEE, CHI-CHEN;FU, I-KANG;REEL/FRAME:022617/0757

Effective date: 20090421

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION